Based on the security information you obtained earlier, you must design solutions that support proper functioning of software components within the constraints of the network security environment.

• For communication between Domain Managers across firewalls, plan on opening a hole in the firewall for communications. Certain TCP and UDP ports must be opened for proper communications:

  • SNMP polls: port 161

  • SNMP traps: port 162

  • Broker: port 426

  • License Manager: port 1744

  • Domain Manager: One port each, which can be configured

  • Adapters, including the Syslog Adapter and the SNMP Trap Adapter (Receiver). “Deploying Syslog Processing” on page 85 and “Deploy trap processing” on page 133 provide more information about the Syslog Adapter and the SNMP Trap Adapter.

• If access lists are used, plan on deploying the IP addresses of hosts that include Domain Managers to the access list of devices that will be managed. The Domain Manager, for example, must have full access to browse the MIBs of the devices. (The specific MIBs are listed in the IP Manager User Guide and the IP Manager Reference Guide.) Depending on the network size and complexity, this task might require scheduling to obtain support from the organization’s network personnel.

• You must have a listing of SNMP versions and related security parameter values that are used by specific devices in the organization’s network. Due to security concerns, it might not be appropriate to include them in the deployment build guide.

  In addition, consider the level of security to configure for products. The security mechanisms support various levels of user authentication and both authentication and encrypted communication between products. Ensure that you understand the capabilities described in the System Administration Guide and then choose a level of security that is appropriate for the deployment.